TENDABLE LIMITED

Kit prep

Kit Prep is an app designed to help manage drug pack logistics and station based drugs. This includes supporting processes around: replenishment, delivery, usage and inventory of drug packs, as well as usage and inventory of station based drugs. Kit Prep helps reduce paperwork, improve inventory accuracy and support operations.

Features

• Specially developed for healthcare medicines management across multiple sites
• Live view of drug pack inventory across whole network
• Able to track and manage individual drug packs and users
• Specialised apps adapted for each part of medicines supply chain
• Customisable for different drug pack configurations and access roles
• API feed into customer data warehouse for detailed reporting
• Integration with existing data sources (e.g. ESR for login)
• Camera and Bluetooth scanning options for quick data entry
• Ability to self administer the system
• Able to integrate with paper or electronic drug usage forms

Benefits

• Provides medicines management assurance across multiple sites
• Simple iOS interface makes the system easy for staff
• Significantly reduced effort and paperwork
• Able to deploy and manage at scale through MDM
• Reporting allows detailed audit and compliance checks
• Excellent CQC evidence of medicines management assurance
• Operational oversight of inventory and stock levels
• Warns staff on medicines issues e.g. expired drugs
• Proven solution in use in major ambulance service
• Staff able to instantly report medicines management issues

£3,000 to £4,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@tendable.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

673748168025976

Contact

Robert Thornton
020 7435 7349
finance@tendable.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Kit Prep is available on iOS tablets. It aims to be backwards compatible providing support to devices on the two previous OS versions. The app requires internet access
• System requirements:
  • Compatible iOS devices
  • Internet access
  • Ability to upgrade to the latest version of the app
  • Licences require for usage
  • Compatible processes and approach

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response times are typically within 24 hours between Monday to Friday 09:00 to 17:30 GMT excluding English bank holidays. We may take longer to respond outside office hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Online, email and phone support is included within the software licence fee. On site support will be provided at a cost (from £850 per day ex VAT, depending on level of support required)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All users will be provided with all the material they need to get up and running including Registration documentation as well as User guides and Getting Started guidance. Supported implementation provides onsite training and set up support and can be tailored to each customer's requirements.
• Service documentation: No
• End-of-contract data extraction: Users will be provided with an electronic copy of their data in flat data format.
• End-of-contract process: Included in the price of the contract: At the end of contract, the customer will have the option for Kit Prep to archive or delete their data. Users will be provided with an electronic copy of their data in flat data format. All users access to the Kit Prep application will be revoked. Not included in the price of the contract: Any additional requirements such as tailored data or reports will be subject to additional costs.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The services is only designed to work on iOS ipads/ tablet devices and does not work on desktops.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Reporting data can be accessed through the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: The system is sized above the current demand but allows services to be scaled to meet demand. The system is monitored to identify when extra resources are required to be deployed.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics are provided through a specific reporting app and the reporting API
• Reporting types: API access

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Data at rest protection is encrypted and assured by the Service provider.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is provided to customers data warehouses
• Data export formats: Other
• Other data export formats: JSON SQL
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 98% service availability, assured by Cloud Service provider assertion
• Approach to resilience: Available on request
• Outage reporting: Email alert

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Each registering user's details are validated with the nominated customer representative as an authorised user before the user is permitted to access the application. Access is then conducted through the app with this username and password, including SHA-2 and 2048-bit encryption. Unless specifically requested by the customer, users must register with their organisation email (i.e. not personal emails).
• Access restrictions in management interfaces and support channels: Currently end-users do not have direct access to management interfaces / support channels; administration is managed through direct phone / email / in-person discussions with customers.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI GROUP
• ISO/IEC 27001 accreditation date: 12/01/24
• What the ISO/IEC 27001 doesn’t cover: The entire business is covered by the ISO certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The CEO is the executive sponsor of our Information Security Management System. The CFO is the responsible for all Information Security. The Information Security Manager is responsible for ensuring the Information Security Management System is adhered to and remains appropriate. We are an ISO 27001 accredited organisation which has a full suite of information security policies and processes which covers all aspects of Access Control, Asset Management, HR Security, Systems acquisition, Development and Maintenance & Supplier Management.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our product change process employs process management systems to record all change requests, tracking them through planning, development, and delivery. These systems provide a full change history of our products development. All changes are risk assessed based on the potential impact from both a functional and security to the service and a full roll back plan is in place.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We conduct vulnerability scanning across all external company devices and systems through an external provider. Patches and remediations are to be deployed to devices and systems within 48 hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We maintain logs of user activity, access to the system and have a process to review these logs for any suspicious activity. Any potential compromise will follow our internal security incident management policy for investigation and reporting. All data breaches will be assessed and where applicable be reported to the ICO where customer personal identifiable data is concerned within 72 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We employ a security incident management policy as defined by our Information Security Management System which defines a common approach to the logging, assessment, reporting and resolution to each potential breach. All users are trained on this policy upon induction then at minimum once per year for a knowledge refresh or after a change ensuring they have the knowledge on reporting. The process is in place for any data or systems classified as private and/or confidential and includes personal data.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As an application designed to remove physical processes and digitise, the service has an inherently positive impact on carbon footprint. Additionally cloud infrastructure, flexible working and remote support model all deliver a light carbon footprint of operation.

  Covid-19 recovery

  Our solutions are designed around quality improvement and were used extensively to aid with COVID-19 assurance, training and guidance. As we move to a recovery environment our solutions are used to help reduce wasted capacity in the system, improve patient flow and drive operation efficiencies.

  Tackling economic inequality

  Our solutions are created to ensure that any user from any background can adopt our application; using the same methodologies as android and IOS, therefore economic background should not be a barrier to using our tools. Additionally, our solutions are designed to support transient workforces across varied economic and geographic domains, for example audits can be completed offline so WIFI is not required in out of reach areas. Tendable participate in healthcare outreach projects in lesser developed healthcare systems alongside our customers to support the sharing of best practise.

  Equal opportunity

  We are an equal opportunity employer, have an extremely diverse workforce and we value diversity of background, skill set and thought.

  Wellbeing

  At Tendable we offer a psychologically safe workplace and ensure all team members have support they need, from our mental-health first aider programme to our external well-being support services. Our office spaces are designed to have a variety of different workspaces, have onsite gyms and yoga classes. For our customers we offer a tool build within our solution to gain quality assurance over the health and wellbeing of their workforce.

Pricing

• Price: £3,000 to £4,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Time limited implementation of app to demonstrate efficacy and business case for customer

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@tendable.com. Tell them what format you need. It will help if you say what assistive technology you use.